//===----------------------------------------------------------------------===//
//
// This source file is part of the Soto for AWS open source project
//
// Copyright (c) 2017-2022 the Soto project authors
// Licensed under Apache License v2.0
//
// See LICENSE.txt for license information
// See CONTRIBUTORS.txt for the list of Soto project authors
//
// SPDX-License-Identifier: Apache-2.0
//
//===----------------------------------------------------------------------===//

// THIS FILE IS AUTOMATICALLY GENERATED by https://github.com/soto-project/soto-codegenerator.
// DO NOT EDIT.

import Foundation
import SotoCore

extension ACMPCA {
    // MARK: Enums

    public enum AccessMethodType: String, CustomStringConvertible, Codable, _SotoSendable {
        case caRepository = "CA_REPOSITORY"
        case resourcePkiManifest = "RESOURCE_PKI_MANIFEST"
        case resourcePkiNotify = "RESOURCE_PKI_NOTIFY"
        public var description: String { return self.rawValue }
    }

    public enum ActionType: String, CustomStringConvertible, Codable, _SotoSendable {
        case getCertificate = "GetCertificate"
        case issueCertificate = "IssueCertificate"
        case listPermissions = "ListPermissions"
        public var description: String { return self.rawValue }
    }

    public enum AuditReportResponseFormat: String, CustomStringConvertible, Codable, _SotoSendable {
        case csv = "CSV"
        case json = "JSON"
        public var description: String { return self.rawValue }
    }

    public enum AuditReportStatus: String, CustomStringConvertible, Codable, _SotoSendable {
        case creating = "CREATING"
        case failed = "FAILED"
        case success = "SUCCESS"
        public var description: String { return self.rawValue }
    }

    public enum CertificateAuthorityStatus: String, CustomStringConvertible, Codable, _SotoSendable {
        case active = "ACTIVE"
        case creating = "CREATING"
        case deleted = "DELETED"
        case disabled = "DISABLED"
        case expired = "EXPIRED"
        case failed = "FAILED"
        case pendingCertificate = "PENDING_CERTIFICATE"
        public var description: String { return self.rawValue }
    }

    public enum CertificateAuthorityType: String, CustomStringConvertible, Codable, _SotoSendable {
        case root = "ROOT"
        case subordinate = "SUBORDINATE"
        public var description: String { return self.rawValue }
    }

    public enum CertificateAuthorityUsageMode: String, CustomStringConvertible, Codable, _SotoSendable {
        case generalPurpose = "GENERAL_PURPOSE"
        case shortLivedCertificate = "SHORT_LIVED_CERTIFICATE"
        public var description: String { return self.rawValue }
    }

    public enum ExtendedKeyUsageType: String, CustomStringConvertible, Codable, _SotoSendable {
        case certificateTransparency = "CERTIFICATE_TRANSPARENCY"
        case clientAuth = "CLIENT_AUTH"
        case codeSigning = "CODE_SIGNING"
        case documentSigning = "DOCUMENT_SIGNING"
        case emailProtection = "EMAIL_PROTECTION"
        case ocspSigning = "OCSP_SIGNING"
        case serverAuth = "SERVER_AUTH"
        case smartCardLogin = "SMART_CARD_LOGIN"
        case timeStamping = "TIME_STAMPING"
        public var description: String { return self.rawValue }
    }

    public enum FailureReason: String, CustomStringConvertible, Codable, _SotoSendable {
        case other = "OTHER"
        case requestTimedOut = "REQUEST_TIMED_OUT"
        case unsupportedAlgorithm = "UNSUPPORTED_ALGORITHM"
        public var description: String { return self.rawValue }
    }

    public enum KeyAlgorithm: String, CustomStringConvertible, Codable, _SotoSendable {
        case ecPrime256V1 = "EC_prime256v1"
        case ecSecp384R1 = "EC_secp384r1"
        case rsa2048 = "RSA_2048"
        case rsa4096 = "RSA_4096"
        public var description: String { return self.rawValue }
    }

    public enum KeyStorageSecurityStandard: String, CustomStringConvertible, Codable, _SotoSendable {
        case fips1402Level2OrHigher = "FIPS_140_2_LEVEL_2_OR_HIGHER"
        case fips1402Level3OrHigher = "FIPS_140_2_LEVEL_3_OR_HIGHER"
        public var description: String { return self.rawValue }
    }

    public enum PolicyQualifierId: String, CustomStringConvertible, Codable, _SotoSendable {
        case cps = "CPS"
        public var description: String { return self.rawValue }
    }

    public enum ResourceOwner: String, CustomStringConvertible, Codable, _SotoSendable {
        case _self = "SELF"
        case otherAccounts = "OTHER_ACCOUNTS"
        public var description: String { return self.rawValue }
    }

    public enum RevocationReason: String, CustomStringConvertible, Codable, _SotoSendable {
        case aACompromise = "A_A_COMPROMISE"
        case affiliationChanged = "AFFILIATION_CHANGED"
        case certificateAuthorityCompromise = "CERTIFICATE_AUTHORITY_COMPROMISE"
        case cessationOfOperation = "CESSATION_OF_OPERATION"
        case keyCompromise = "KEY_COMPROMISE"
        case privilegeWithdrawn = "PRIVILEGE_WITHDRAWN"
        case superseded = "SUPERSEDED"
        case unspecified = "UNSPECIFIED"
        public var description: String { return self.rawValue }
    }

    public enum S3ObjectAcl: String, CustomStringConvertible, Codable, _SotoSendable {
        case bucketOwnerFullControl = "BUCKET_OWNER_FULL_CONTROL"
        case publicRead = "PUBLIC_READ"
        public var description: String { return self.rawValue }
    }

    public enum SigningAlgorithm: String, CustomStringConvertible, Codable, _SotoSendable {
        case sha256withecdsa = "SHA256WITHECDSA"
        case sha256withrsa = "SHA256WITHRSA"
        case sha384withecdsa = "SHA384WITHECDSA"
        case sha384withrsa = "SHA384WITHRSA"
        case sha512withecdsa = "SHA512WITHECDSA"
        case sha512withrsa = "SHA512WITHRSA"
        public var description: String { return self.rawValue }
    }

    public enum ValidityPeriodType: String, CustomStringConvertible, Codable, _SotoSendable {
        case absolute = "ABSOLUTE"
        case days = "DAYS"
        case endDate = "END_DATE"
        case months = "MONTHS"
        case years = "YEARS"
        public var description: String { return self.rawValue }
    }

    // MARK: Shapes

    public struct ASN1Subject: AWSEncodableShape & AWSDecodableShape {
        /// For CA and end-entity certificates in a private PKI, the common name (CN) can be any
        /// 			string within the length limit.
        /// 		       Note: In publicly trusted certificates, the common name must be a fully qualified
        /// 			domain name (FQDN) associated with the certificate subject.
        public let commonName: String?
        /// Two-digit code that specifies the country in which the certificate subject
        /// 			located.
        public let country: String?
        /// 		       Contains a sequence of one or more X.500 relative distinguished names (RDNs), each of
        /// 			which consists of an object identifier (OID) and a value. For more information, see
        /// 			NIST’s definition of Object Identifier (OID).
        ///
        /// 			         Custom attributes cannot be used in combination with standard attributes.
        ///
        public let customAttributes: [CustomAttribute]?
        /// Disambiguating information for the certificate subject.
        public let distinguishedNameQualifier: String?
        /// Typically a qualifier appended to the name of an individual. Examples include Jr. for
        /// 			junior, Sr. for senior, and III for third.
        public let generationQualifier: String?
        /// First name.
        public let givenName: String?
        /// Concatenation that typically contains the first letter of the GivenName, the first letter of the middle name if one exists, and the
        /// 			first letter of the Surname.
        public let initials: String?
        /// The locality (such as a city or town) in which the certificate subject is
        /// 			located.
        public let locality: String?
        /// Legal name of the organization with which the certificate subject is affiliated.
        ///
        public let organization: String?
        /// A subdivision or unit of the organization (such as sales or finance) with which the
        /// 			certificate subject is affiliated.
        public let organizationalUnit: String?
        /// Typically a shortened version of a longer GivenName.
        /// 			For example, Jonathan is often shortened to John. Elizabeth is often shortened to Beth,
        /// 			Liz, or Eliza.
        public let pseudonym: String?
        /// The certificate serial number.
        public let serialNumber: String?
        /// State in which the subject of the certificate is located.
        public let state: String?
        /// Family name. In the US and the UK, for example, the surname of an individual is
        /// 			ordered last. In Asian cultures the surname is typically ordered first.
        public let surname: String?
        /// A title such as Mr. or Ms., which is pre-pended to the name to refer formally to the
        /// 			certificate subject.
        public let title: String?

        public init(commonName: String? = nil, country: String? = nil, customAttributes: [CustomAttribute]? = nil, distinguishedNameQualifier: String? = nil, generationQualifier: String? = nil, givenName: String? = nil, initials: String? = nil, locality: String? = nil, organization: String? = nil, organizationalUnit: String? = nil, pseudonym: String? = nil, serialNumber: String? = nil, state: String? = nil, surname: String? = nil, title: String? = nil) {
            self.commonName = commonName
            self.country = country
            self.customAttributes = customAttributes
            self.distinguishedNameQualifier = distinguishedNameQualifier
            self.generationQualifier = generationQualifier
            self.givenName = givenName
            self.initials = initials
            self.locality = locality
            self.organization = organization
            self.organizationalUnit = organizationalUnit
            self.pseudonym = pseudonym
            self.serialNumber = serialNumber
            self.state = state
            self.surname = surname
            self.title = title
        }

        public func validate(name: String) throws {
            try self.validate(self.commonName, name: "commonName", parent: name, max: 64)
            try self.validate(self.country, name: "country", parent: name, max: 2)
            try self.validate(self.country, name: "country", parent: name, min: 2)
            try self.validate(self.country, name: "country", parent: name, pattern: "^[A-Za-z]{2}$")
            try self.customAttributes?.forEach {
                try $0.validate(name: "\(name).customAttributes[]")
            }
            try self.validate(self.customAttributes, name: "customAttributes", parent: name, max: 30)
            try self.validate(self.customAttributes, name: "customAttributes", parent: name, min: 1)
            try self.validate(self.distinguishedNameQualifier, name: "distinguishedNameQualifier", parent: name, max: 64)
            try self.validate(self.distinguishedNameQualifier, name: "distinguishedNameQualifier", parent: name, pattern: "^[a-zA-Z0-9'()+-.?:/= ]*$")
            try self.validate(self.generationQualifier, name: "generationQualifier", parent: name, max: 3)
            try self.validate(self.givenName, name: "givenName", parent: name, max: 16)
            try self.validate(self.initials, name: "initials", parent: name, max: 5)
            try self.validate(self.locality, name: "locality", parent: name, max: 128)
            try self.validate(self.organization, name: "organization", parent: name, max: 64)
            try self.validate(self.organizationalUnit, name: "organizationalUnit", parent: name, max: 64)
            try self.validate(self.pseudonym, name: "pseudonym", parent: name, max: 128)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, max: 64)
            try self.validate(self.serialNumber, name: "serialNumber", parent: name, pattern: "^[a-zA-Z0-9'()+-.?:/= ]*$")
            try self.validate(self.state, name: "state", parent: name, max: 128)
            try self.validate(self.surname, name: "surname", parent: name, max: 40)
            try self.validate(self.title, name: "title", parent: name, max: 64)
        }

        private enum CodingKeys: String, CodingKey {
            case commonName = "CommonName"
            case country = "Country"
            case customAttributes = "CustomAttributes"
            case distinguishedNameQualifier = "DistinguishedNameQualifier"
            case generationQualifier = "GenerationQualifier"
            case givenName = "GivenName"
            case initials = "Initials"
            case locality = "Locality"
            case organization = "Organization"
            case organizationalUnit = "OrganizationalUnit"
            case pseudonym = "Pseudonym"
            case serialNumber = "SerialNumber"
            case state = "State"
            case surname = "Surname"
            case title = "Title"
        }
    }

    public struct AccessDescription: AWSEncodableShape & AWSDecodableShape {
        /// The location of AccessDescription information.
        public let accessLocation: GeneralName
        /// The type and format of AccessDescription information.
        public let accessMethod: AccessMethod

        public init(accessLocation: GeneralName, accessMethod: AccessMethod) {
            self.accessLocation = accessLocation
            self.accessMethod = accessMethod
        }

        public func validate(name: String) throws {
            try self.accessLocation.validate(name: "\(name).accessLocation")
            try self.accessMethod.validate(name: "\(name).accessMethod")
        }

        private enum CodingKeys: String, CodingKey {
            case accessLocation = "AccessLocation"
            case accessMethod = "AccessMethod"
        }
    }

    public struct AccessMethod: AWSEncodableShape & AWSDecodableShape {
        /// Specifies the AccessMethod.
        public let accessMethodType: AccessMethodType?
        /// An object identifier (OID) specifying the AccessMethod. The OID must
        /// 			satisfy the regular expression shown below. For more information, see NIST's definition
        /// 			of Object Identifier
        /// 				(OID).
        public let customObjectIdentifier: String?

        public init(accessMethodType: AccessMethodType? = nil, customObjectIdentifier: String? = nil) {
            self.accessMethodType = accessMethodType
            self.customObjectIdentifier = customObjectIdentifier
        }

        public func validate(name: String) throws {
            try self.validate(self.customObjectIdentifier, name: "customObjectIdentifier", parent: name, max: 64)
            try self.validate(self.customObjectIdentifier, name: "customObjectIdentifier", parent: name, pattern: "^([0-2])\\.([0-9]|([0-3][0-9]))((\\.([0-9]+)){0,126})$")
        }

        private enum CodingKeys: String, CodingKey {
            case accessMethodType = "AccessMethodType"
            case customObjectIdentifier = "CustomObjectIdentifier"
        }
    }

    public struct ApiPassthrough: AWSEncodableShape {
        /// Specifies X.509 extension information for a certificate.
        public let extensions: Extensions?
        public let subject: ASN1Subject?

        public init(extensions: Extensions? = nil, subject: ASN1Subject? = nil) {
            self.extensions = extensions
            self.subject = subject
        }

        public func validate(name: String) throws {
            try self.extensions?.validate(name: "\(name).extensions")
            try self.subject?.validate(name: "\(name).subject")
        }

        private enum CodingKeys: String, CodingKey {
            case extensions = "Extensions"
            case subject = "Subject"
        }
    }

    public struct CertificateAuthority: AWSDecodableShape {
        /// Amazon Resource Name (ARN) for your private certificate authority (CA). The format is
        /// 					 12345678-1234-1234-1234-123456789012 .
        public let arn: String?
        /// Your private CA configuration.
        public let certificateAuthorityConfiguration: CertificateAuthorityConfiguration?
        /// Date and time at which your private CA was created.
        public let createdAt: Date?
        /// Reason the request to create your private CA failed.
        public let failureReason: FailureReason?
        /// Defines a cryptographic key management compliance standard used for handling CA keys.
        /// 		       Default: FIPS_140_2_LEVEL_3_OR_HIGHER
        /// 		       Note: Amazon Web Services Region ap-northeast-3 supports only FIPS_140_2_LEVEL_2_OR_HIGHER. You must
        /// 			explicitly specify this parameter and value when creating a CA in that Region.
        /// 			Specifying a different value (or no value) results in an
        /// 				InvalidArgsException with the message "A certificate authority cannot
        /// 			be created in this region with the specified security standard."
        public let keyStorageSecurityStandard: KeyStorageSecurityStandard?
        /// Date and time at which your private CA was last updated.
        public let lastStateChangeAt: Date?
        /// Date and time after which your private CA certificate is not valid.
        public let notAfter: Date?
        /// Date and time before which your private CA certificate is not valid.
        public let notBefore: Date?
        /// The Amazon Web Services account ID that owns the certificate authority.
        public let ownerAccount: String?
        /// The period during which a deleted CA can be restored. For more information, see the
        /// 				PermanentDeletionTimeInDays parameter of the DeleteCertificateAuthorityRequest action.
        public let restorableUntil: Date?
        /// Information about the Online Certificate Status Protocol (OCSP) configuration or
        /// 			certificate revocation list (CRL) created and maintained by your private CA.
        public let revocationConfiguration: RevocationConfiguration?
        /// Serial number of your private CA.
        public let serial: String?
        /// Status of your private CA.
        public let status: CertificateAuthorityStatus?
        /// Type of your private CA.
        public let type: CertificateAuthorityType?
        /// Specifies whether the CA issues general-purpose certificates that typically require a
        /// 			revocation mechanism, or short-lived certificates that may optionally omit revocation because
        /// 			they expire quickly. Short-lived certificate validity is limited to seven days.
        /// 		       The default value is GENERAL_PURPOSE.
        public let usageMode: CertificateAuthorityUsageMode?

        public init(arn: String? = nil, certificateAuthorityConfiguration: CertificateAuthorityConfiguration? = nil, createdAt: Date? = nil, failureReason: FailureReason? = nil, keyStorageSecurityStandard: KeyStorageSecurityStandard? = nil, lastStateChangeAt: Date? = nil, notAfter: Date? = nil, notBefore: Date? = nil, ownerAccount: String? = nil, restorableUntil: Date? = nil, revocationConfiguration: RevocationConfiguration? = nil, serial: String? = nil, status: CertificateAuthorityStatus? = nil, type: CertificateAuthorityType? = nil, usageMode: CertificateAuthorityUsageMode? = nil) {
            self.arn = arn
            self.certificateAuthorityConfiguration = certificateAuthorityConfiguration
            self.createdAt = createdAt
            self.failureReason = failureReason
            self.keyStorageSecurityStandard = keyStorageSecurityStandard
            self.lastStateChangeAt = lastStateChangeAt
            self.notAfter = notAfter
            self.notBefore = notBefore
            self.ownerAccount = ownerAccount
            self.restorableUntil = restorableUntil
            self.revocationConfiguration = revocationConfiguration
            self.serial = serial
            self.status = status
            self.type = type
            self.usageMode = usageMode
        }

        private enum CodingKeys: String, CodingKey {
            case arn = "Arn"
            case certificateAuthorityConfiguration = "CertificateAuthorityConfiguration"
            case createdAt = "CreatedAt"
            case failureReason = "FailureReason"
            case keyStorageSecurityStandard = "KeyStorageSecurityStandard"
            case lastStateChangeAt = "LastStateChangeAt"
            case notAfter = "NotAfter"
            case notBefore = "NotBefore"
            case ownerAccount = "OwnerAccount"
            case restorableUntil = "RestorableUntil"
            case revocationConfiguration = "RevocationConfiguration"
            case serial = "Serial"
            case status = "Status"
            case type = "Type"
            case usageMode = "UsageMode"
        }
    }

    public struct CertificateAuthorityConfiguration: AWSEncodableShape & AWSDecodableShape {
        /// Specifies information to be added to the extension section of the certificate signing
        /// 			request (CSR).
        public let csrExtensions: CsrExtensions?
        /// Type of the public key algorithm and size, in bits, of the key pair that your CA
        /// 			creates when it issues a certificate. When you create a subordinate CA, you must use a
        /// 			key algorithm supported by the parent CA.
        public let keyAlgorithm: KeyAlgorithm
        /// Name of the algorithm your private CA uses to sign certificate requests.
        /// 		       This parameter should not be confused with the SigningAlgorithm parameter
        /// 			used to sign certificates when they are issued.
        public let signingAlgorithm: SigningAlgorithm
        /// Structure that contains X.500 distinguished name information for your private
        /// 			CA.
        public let subject: ASN1Subject

        public init(csrExtensions: CsrExtensions? = nil, keyAlgorithm: KeyAlgorithm, signingAlgorithm: SigningAlgorithm, subject: ASN1Subject) {
            self.csrExtensions = csrExtensions
            self.keyAlgorithm = keyAlgorithm
            self.signingAlgorithm = signingAlgorithm
            self.subject = subject
        }

        public func validate(name: String) throws {
            try self.csrExtensions?.validate(name: "\(name).csrExtensions")
            try self.subject.validate(name: "\(name).subject")
        }

        private enum CodingKeys: String, CodingKey {
            case csrExtensions = "CsrExtensions"
            case keyAlgorithm = "KeyAlgorithm"
            case signingAlgorithm = "SigningAlgorithm"
            case subject = "Subject"
        }
    }

    public struct CreateCertificateAuthorityAuditReportRequest: AWSEncodableShape {
        /// The format in which to create the report. This can be either JSON or CSV.
        public let auditReportResponseFormat: AuditReportResponseFormat
        /// The Amazon Resource Name (ARN) of the CA to be audited. This is of the form:
        /// 		        arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .
        public let certificateAuthorityArn: String
        /// The name of the S3 bucket that will contain the audit report.
        public let s3BucketName: String

        public init(auditReportResponseFormat: AuditReportResponseFormat, certificateAuthorityArn: String, s3BucketName: String) {
            self.auditReportResponseFormat = auditReportResponseFormat
            self.certificateAuthorityArn = certificateAuthorityArn
            self.s3BucketName = s3BucketName
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
            try self.validate(self.s3BucketName, name: "s3BucketName", parent: name, max: 63)
            try self.validate(self.s3BucketName, name: "s3BucketName", parent: name, min: 3)
        }

        private enum CodingKeys: String, CodingKey {
            case auditReportResponseFormat = "AuditReportResponseFormat"
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case s3BucketName = "S3BucketName"
        }
    }

    public struct CreateCertificateAuthorityAuditReportResponse: AWSDecodableShape {
        /// An alphanumeric string that contains a report identifier.
        public let auditReportId: String?
        /// The key that uniquely identifies the report file in
        /// 			your S3 bucket.
        public let s3Key: String?

        public init(auditReportId: String? = nil, s3Key: String? = nil) {
            self.auditReportId = auditReportId
            self.s3Key = s3Key
        }

        private enum CodingKeys: String, CodingKey {
            case auditReportId = "AuditReportId"
            case s3Key = "S3Key"
        }
    }

    public struct CreateCertificateAuthorityRequest: AWSEncodableShape {
        /// Name and bit size of the private key algorithm, the name of the signing algorithm, and
        /// 			X.500 certificate subject information.
        public let certificateAuthorityConfiguration: CertificateAuthorityConfiguration
        /// The type of the certificate authority.
        public let certificateAuthorityType: CertificateAuthorityType
        /// Custom string that can be used to distinguish between calls to the CreateCertificateAuthority action. Idempotency tokens for
        /// 				CreateCertificateAuthority time out after five
        /// 			minutes. Therefore, if you call CreateCertificateAuthority multiple times with the same idempotency
        /// 			token within five minutes, ACM Private CA recognizes that you are requesting only
        /// 			certificate authority and will issue only one. If you change the idempotency token for
        /// 			each call, PCA recognizes that you are requesting multiple certificate
        /// 			authorities.
        public let idempotencyToken: String?
        /// Specifies a cryptographic key management compliance standard used for handling CA
        /// 			keys.
        /// 		       Default: FIPS_140_2_LEVEL_3_OR_HIGHER
        /// 		        Note:
        /// 			         FIPS_140_2_LEVEL_3_OR_HIGHER is not supported in the following
        /// 			Regions:
        ///
        /// 				           ap-northeast-3
        ///
        /// 				           ap-southeast-3
        ///
        /// 		       When creating a CA in these Regions, you must provide
        /// 				FIPS_140_2_LEVEL_2_OR_HIGHER as the argument for
        /// 				KeyStorageSecurityStandard. Failure to do this results in an
        /// 				InvalidArgsException with the message, "A certificate authority cannot
        /// 			be created in this region with the specified security standard."
        public let keyStorageSecurityStandard: KeyStorageSecurityStandard?
        /// Contains information to enable Online Certificate Status Protocol (OCSP) support, to
        /// 			enable a certificate revocation list (CRL), to enable both, or to enable neither. The
        /// 			default is for both certificate validation mechanisms to be disabled. For more
        /// 			information, see the OcspConfiguration and CrlConfiguration types.
        public let revocationConfiguration: RevocationConfiguration?
        /// Key-value pairs that will be attached to the new private CA. You can associate up to
        /// 			50 tags with a private CA. For information using tags with IAM to manage permissions,
        /// 			see Controlling Access Using IAM Tags.
        public let tags: [Tag]?
        /// Specifies whether the CA issues general-purpose certificates that typically require a revocation mechanism, or short-lived certificates that may optionally omit revocation because they expire quickly. Short-lived certificate validity is limited to seven days. The default value is GENERAL_PURPOSE.
        public let usageMode: CertificateAuthorityUsageMode?

        public init(certificateAuthorityConfiguration: CertificateAuthorityConfiguration, certificateAuthorityType: CertificateAuthorityType, idempotencyToken: String? = nil, keyStorageSecurityStandard: KeyStorageSecurityStandard? = nil, revocationConfiguration: RevocationConfiguration? = nil, tags: [Tag]? = nil, usageMode: CertificateAuthorityUsageMode? = nil) {
            self.certificateAuthorityConfiguration = certificateAuthorityConfiguration
            self.certificateAuthorityType = certificateAuthorityType
            self.idempotencyToken = idempotencyToken
            self.keyStorageSecurityStandard = keyStorageSecurityStandard
            self.revocationConfiguration = revocationConfiguration
            self.tags = tags
            self.usageMode = usageMode
        }

        public func validate(name: String) throws {
            try self.certificateAuthorityConfiguration.validate(name: "\(name).certificateAuthorityConfiguration")
            try self.validate(self.idempotencyToken, name: "idempotencyToken", parent: name, max: 36)
            try self.validate(self.idempotencyToken, name: "idempotencyToken", parent: name, min: 1)
            try self.validate(self.idempotencyToken, name: "idempotencyToken", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]*$")
            try self.revocationConfiguration?.validate(name: "\(name).revocationConfiguration")
            try self.tags?.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
            try self.validate(self.tags, name: "tags", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityConfiguration = "CertificateAuthorityConfiguration"
            case certificateAuthorityType = "CertificateAuthorityType"
            case idempotencyToken = "IdempotencyToken"
            case keyStorageSecurityStandard = "KeyStorageSecurityStandard"
            case revocationConfiguration = "RevocationConfiguration"
            case tags = "Tags"
            case usageMode = "UsageMode"
        }
    }

    public struct CreateCertificateAuthorityResponse: AWSDecodableShape {
        /// If successful, the Amazon Resource Name (ARN) of the certificate authority (CA). This
        /// 			is of the form:
        ///
        /// 			         arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .
        ///
        public let certificateAuthorityArn: String?

        public init(certificateAuthorityArn: String? = nil) {
            self.certificateAuthorityArn = certificateAuthorityArn
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
        }
    }

    public struct CreatePermissionRequest: AWSEncodableShape {
        /// The actions that the specified Amazon Web Services service principal can use. These include
        /// 				IssueCertificate, GetCertificate, and
        /// 				ListPermissions.
        public let actions: [ActionType]
        /// The Amazon Resource Name (ARN) of the CA that grants the permissions. You can find the
        /// 			ARN by calling the ListCertificateAuthorities action. This must have the following form:
        ///
        /// 			         arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .
        ///
        public let certificateAuthorityArn: String
        /// The Amazon Web Services service or identity that receives the permission. At this time, the only
        /// 			valid principal is acm.amazonaws.com.
        public let principal: String
        /// The ID of the calling account.
        public let sourceAccount: String?

        public init(actions: [ActionType], certificateAuthorityArn: String, principal: String, sourceAccount: String? = nil) {
            self.actions = actions
            self.certificateAuthorityArn = certificateAuthorityArn
            self.principal = principal
            self.sourceAccount = sourceAccount
        }

        public func validate(name: String) throws {
            try self.validate(self.actions, name: "actions", parent: name, max: 3)
            try self.validate(self.actions, name: "actions", parent: name, min: 1)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
            try self.validate(self.principal, name: "principal", parent: name, max: 128)
            try self.validate(self.principal, name: "principal", parent: name, pattern: "^[^*]+$")
            try self.validate(self.sourceAccount, name: "sourceAccount", parent: name, max: 12)
            try self.validate(self.sourceAccount, name: "sourceAccount", parent: name, min: 12)
            try self.validate(self.sourceAccount, name: "sourceAccount", parent: name, pattern: "^[0-9]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case actions = "Actions"
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case principal = "Principal"
            case sourceAccount = "SourceAccount"
        }
    }

    public struct CrlConfiguration: AWSEncodableShape & AWSDecodableShape {
        /// Name inserted into the certificate CRL Distribution
        /// 				Points extension that enables the use of an alias for the CRL
        /// 			distribution point. Use this value if you don't want the name of your S3 bucket to be
        /// 			public.
        public let customCname: String?
        /// Boolean value that specifies whether certificate revocation lists (CRLs) are enabled.
        /// 			You can use this value to enable certificate revocation for a new CA when you call the
        /// 				CreateCertificateAuthority action or for an existing CA when you call the
        /// 				UpdateCertificateAuthority action.
        public let enabled: Bool
        /// Validity period of the CRL in days.
        public let expirationInDays: Int?
        /// Name of the S3 bucket that contains the CRL. If you do not provide a value for the
        /// 				CustomCname argument, the name of your S3 bucket
        /// 			is placed into the CRL Distribution Points extension of
        /// 			the issued certificate. You can change the name of your bucket by calling the UpdateCertificateAuthority operation. You must specify a bucket
        /// 				policy that allows ACM Private CA to write the CRL to your bucket.
        public let s3BucketName: String?
        /// Determines whether the CRL will be publicly readable or privately held in the CRL
        /// 			Amazon S3 bucket. If you choose PUBLIC_READ, the CRL will be accessible over the public
        /// 			internet. If you choose BUCKET_OWNER_FULL_CONTROL, only the owner of the CRL S3 bucket
        /// 			can access the CRL, and your PKI clients may need an alternative method of access.
        /// 		       If no value is specified, the default is PUBLIC_READ.
        /// 		        Note: This default can cause CA creation to fail in some
        /// 			circumstances. If you have have enabled the Block Public Access (BPA) feature in your S3
        /// 			account, then you must specify the value of this parameter as
        /// 				BUCKET_OWNER_FULL_CONTROL, and not doing so results in an error. If you
        /// 			have disabled BPA in S3, then you can specify either
        /// 				BUCKET_OWNER_FULL_CONTROL or PUBLIC_READ as the
        /// 			value.
        /// 		       For more information, see Blocking public access to the S3
        /// 				bucket.
        public let s3ObjectAcl: S3ObjectAcl?

        public init(customCname: String? = nil, enabled: Bool, expirationInDays: Int? = nil, s3BucketName: String? = nil, s3ObjectAcl: S3ObjectAcl? = nil) {
            self.customCname = customCname
            self.enabled = enabled
            self.expirationInDays = expirationInDays
            self.s3BucketName = s3BucketName
            self.s3ObjectAcl = s3ObjectAcl
        }

        public func validate(name: String) throws {
            try self.validate(self.customCname, name: "customCname", parent: name, max: 253)
            try self.validate(self.expirationInDays, name: "expirationInDays", parent: name, max: 5000)
            try self.validate(self.expirationInDays, name: "expirationInDays", parent: name, min: 1)
            try self.validate(self.s3BucketName, name: "s3BucketName", parent: name, max: 255)
            try self.validate(self.s3BucketName, name: "s3BucketName", parent: name, min: 3)
        }

        private enum CodingKeys: String, CodingKey {
            case customCname = "CustomCname"
            case enabled = "Enabled"
            case expirationInDays = "ExpirationInDays"
            case s3BucketName = "S3BucketName"
            case s3ObjectAcl = "S3ObjectAcl"
        }
    }

    public struct CsrExtensions: AWSEncodableShape & AWSDecodableShape {
        /// Indicates the purpose of the certificate and of the key contained in the
        /// 			certificate.
        public let keyUsage: KeyUsage?
        /// For CA certificates, provides a path to additional information pertaining to the CA,
        /// 			such as revocation and policy. For more information, see Subject
        /// 				Information Access in RFC 5280.
        public let subjectInformationAccess: [AccessDescription]?

        public init(keyUsage: KeyUsage? = nil, subjectInformationAccess: [AccessDescription]? = nil) {
            self.keyUsage = keyUsage
            self.subjectInformationAccess = subjectInformationAccess
        }

        public func validate(name: String) throws {
            try self.subjectInformationAccess?.forEach {
                try $0.validate(name: "\(name).subjectInformationAccess[]")
            }
        }

        private enum CodingKeys: String, CodingKey {
            case keyUsage = "KeyUsage"
            case subjectInformationAccess = "SubjectInformationAccess"
        }
    }

    public struct CustomAttribute: AWSEncodableShape & AWSDecodableShape {
        /// Specifies the object identifier (OID) of the attribute type of the relative
        /// 			distinguished name (RDN).
        public let objectIdentifier: String
        /// 		       Specifies the attribute value of relative distinguished name (RDN).
        public let value: String

        public init(objectIdentifier: String, value: String) {
            self.objectIdentifier = objectIdentifier
            self.value = value
        }

        public func validate(name: String) throws {
            try self.validate(self.objectIdentifier, name: "objectIdentifier", parent: name, max: 64)
            try self.validate(self.objectIdentifier, name: "objectIdentifier", parent: name, pattern: "^([0-2])\\.([0-9]|([0-3][0-9]))((\\.([0-9]+)){0,126})$")
            try self.validate(self.value, name: "value", parent: name, max: 256)
            try self.validate(self.value, name: "value", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case objectIdentifier = "ObjectIdentifier"
            case value = "Value"
        }
    }

    public struct CustomExtension: AWSEncodableShape {
        /// 		       Specifies the critical flag of the X.509 extension.
        public let critical: Bool?
        /// 		       Specifies the object identifier (OID) of the X.509 extension. For more information,
        /// 			see the Global OID reference database.
        ///
        public let objectIdentifier: String
        /// 		       Specifies the base64-encoded value of the X.509 extension.
        public let value: String

        public init(critical: Bool? = nil, objectIdentifier: String, value: String) {
            self.critical = critical
            self.objectIdentifier = objectIdentifier
            self.value = value
        }

        public func validate(name: String) throws {
            try self.validate(self.objectIdentifier, name: "objectIdentifier", parent: name, max: 64)
            try self.validate(self.objectIdentifier, name: "objectIdentifier", parent: name, pattern: "^([0-2])\\.([0-9]|([0-3][0-9]))((\\.([0-9]+)){0,126})$")
            try self.validate(self.value, name: "value", parent: name, max: 4096)
            try self.validate(self.value, name: "value", parent: name, min: 1)
            try self.validate(self.value, name: "value", parent: name, pattern: "^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$")
        }

        private enum CodingKeys: String, CodingKey {
            case critical = "Critical"
            case objectIdentifier = "ObjectIdentifier"
            case value = "Value"
        }
    }

    public struct DeleteCertificateAuthorityRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must have the following form:
        ///
        /// 			         arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .
        ///
        public let certificateAuthorityArn: String
        /// The number of days to make a CA restorable after it has been deleted. This can be
        /// 			anywhere from 7 to 30 days, with 30 being the default.
        public let permanentDeletionTimeInDays: Int?

        public init(certificateAuthorityArn: String, permanentDeletionTimeInDays: Int? = nil) {
            self.certificateAuthorityArn = certificateAuthorityArn
            self.permanentDeletionTimeInDays = permanentDeletionTimeInDays
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
            try self.validate(self.permanentDeletionTimeInDays, name: "permanentDeletionTimeInDays", parent: name, max: 30)
            try self.validate(self.permanentDeletionTimeInDays, name: "permanentDeletionTimeInDays", parent: name, min: 7)
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case permanentDeletionTimeInDays = "PermanentDeletionTimeInDays"
        }
    }

    public struct DeletePermissionRequest: AWSEncodableShape {
        /// The Amazon Resource Number (ARN) of the private CA that issued the permissions. You
        /// 			can find the CA's ARN by calling the ListCertificateAuthorities action. This must have the following form:
        ///
        /// 			         arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .
        ///
        public let certificateAuthorityArn: String
        /// The Amazon Web Services service or identity that will have its CA permissions revoked. At this time,
        /// 			the only valid service principal is acm.amazonaws.com
        public let principal: String
        /// The Amazon Web Services account that calls this action.
        public let sourceAccount: String?

        public init(certificateAuthorityArn: String, principal: String, sourceAccount: String? = nil) {
            self.certificateAuthorityArn = certificateAuthorityArn
            self.principal = principal
            self.sourceAccount = sourceAccount
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
            try self.validate(self.principal, name: "principal", parent: name, max: 128)
            try self.validate(self.principal, name: "principal", parent: name, pattern: "^[^*]+$")
            try self.validate(self.sourceAccount, name: "sourceAccount", parent: name, max: 12)
            try self.validate(self.sourceAccount, name: "sourceAccount", parent: name, min: 12)
            try self.validate(self.sourceAccount, name: "sourceAccount", parent: name, pattern: "^[0-9]+$")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case principal = "Principal"
            case sourceAccount = "SourceAccount"
        }
    }

    public struct DeletePolicyRequest: AWSEncodableShape {
        /// The Amazon Resource Number (ARN) of the private CA that will have its policy deleted.
        /// 			You can find the CA's ARN by calling the ListCertificateAuthorities action. The ARN value must have the form
        /// 				arn:aws:acm-pca:region:account:certificate-authority/01234567-89ab-cdef-0123-0123456789ab.
        ///
        public let resourceArn: String

        public init(resourceArn: String) {
            self.resourceArn = resourceArn
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 200)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 5)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
        }

        private enum CodingKeys: String, CodingKey {
            case resourceArn = "ResourceArn"
        }
    }

    public struct DescribeCertificateAuthorityAuditReportRequest: AWSEncodableShape {
        /// The report ID returned by calling the CreateCertificateAuthorityAuditReport action.
        public let auditReportId: String
        /// The Amazon Resource Name (ARN) of the private CA. This must be of the form:
        ///
        /// 			         arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .
        ///
        public let certificateAuthorityArn: String

        public init(auditReportId: String, certificateAuthorityArn: String) {
            self.auditReportId = auditReportId
            self.certificateAuthorityArn = certificateAuthorityArn
        }

        public func validate(name: String) throws {
            try self.validate(self.auditReportId, name: "auditReportId", parent: name, max: 36)
            try self.validate(self.auditReportId, name: "auditReportId", parent: name, min: 36)
            try self.validate(self.auditReportId, name: "auditReportId", parent: name, pattern: "^[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{4}-[a-z0-9]{12}$")
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
        }

        private enum CodingKeys: String, CodingKey {
            case auditReportId = "AuditReportId"
            case certificateAuthorityArn = "CertificateAuthorityArn"
        }
    }

    public struct DescribeCertificateAuthorityAuditReportResponse: AWSDecodableShape {
        /// Specifies whether report creation is in progress, has succeeded, or has failed.
        public let auditReportStatus: AuditReportStatus?
        /// The date and time at which the report was created.
        public let createdAt: Date?
        /// Name of the S3 bucket that contains the report.
        public let s3BucketName: String?
        /// S3 key that uniquely identifies the report file in
        /// 			your S3 bucket.
        public let s3Key: String?

        public init(auditReportStatus: AuditReportStatus? = nil, createdAt: Date? = nil, s3BucketName: String? = nil, s3Key: String? = nil) {
            self.auditReportStatus = auditReportStatus
            self.createdAt = createdAt
            self.s3BucketName = s3BucketName
            self.s3Key = s3Key
        }

        private enum CodingKeys: String, CodingKey {
            case auditReportStatus = "AuditReportStatus"
            case createdAt = "CreatedAt"
            case s3BucketName = "S3BucketName"
            case s3Key = "S3Key"
        }
    }

    public struct DescribeCertificateAuthorityRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
        ///
        /// 			         arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .
        ///
        public let certificateAuthorityArn: String

        public init(certificateAuthorityArn: String) {
            self.certificateAuthorityArn = certificateAuthorityArn
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
        }
    }

    public struct DescribeCertificateAuthorityResponse: AWSDecodableShape {
        /// A CertificateAuthority structure that contains information about your private
        /// 			CA.
        public let certificateAuthority: CertificateAuthority?

        public init(certificateAuthority: CertificateAuthority? = nil) {
            self.certificateAuthority = certificateAuthority
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthority = "CertificateAuthority"
        }
    }

    public struct EdiPartyName: AWSEncodableShape & AWSDecodableShape {
        /// Specifies the name assigner.
        public let nameAssigner: String?
        /// Specifies the party name.
        public let partyName: String

        public init(nameAssigner: String? = nil, partyName: String) {
            self.nameAssigner = nameAssigner
            self.partyName = partyName
        }

        public func validate(name: String) throws {
            try self.validate(self.nameAssigner, name: "nameAssigner", parent: name, max: 256)
            try self.validate(self.partyName, name: "partyName", parent: name, max: 256)
        }

        private enum CodingKeys: String, CodingKey {
            case nameAssigner = "NameAssigner"
            case partyName = "PartyName"
        }
    }

    public struct ExtendedKeyUsage: AWSEncodableShape {
        /// Specifies a custom ExtendedKeyUsage with an object identifier
        /// 			(OID).
        public let extendedKeyUsageObjectIdentifier: String?
        /// Specifies a standard ExtendedKeyUsage as defined as in RFC
        /// 				5280.
        public let extendedKeyUsageType: ExtendedKeyUsageType?

        public init(extendedKeyUsageObjectIdentifier: String? = nil, extendedKeyUsageType: ExtendedKeyUsageType? = nil) {
            self.extendedKeyUsageObjectIdentifier = extendedKeyUsageObjectIdentifier
            self.extendedKeyUsageType = extendedKeyUsageType
        }

        public func validate(name: String) throws {
            try self.validate(self.extendedKeyUsageObjectIdentifier, name: "extendedKeyUsageObjectIdentifier", parent: name, max: 64)
            try self.validate(self.extendedKeyUsageObjectIdentifier, name: "extendedKeyUsageObjectIdentifier", parent: name, pattern: "^([0-2])\\.([0-9]|([0-3][0-9]))((\\.([0-9]+)){0,126})$")
        }

        private enum CodingKeys: String, CodingKey {
            case extendedKeyUsageObjectIdentifier = "ExtendedKeyUsageObjectIdentifier"
            case extendedKeyUsageType = "ExtendedKeyUsageType"
        }
    }

    public struct Extensions: AWSEncodableShape {
        /// Contains a sequence of one or more policy information terms, each of which consists of
        /// 			an object identifier (OID) and optional qualifiers. For more information, see NIST's
        /// 			definition of Object
        /// 				Identifier (OID).
        /// 		       In an end-entity certificate, these terms indicate the policy under which the
        /// 			certificate was issued and the purposes for which it may be used. In a CA certificate,
        /// 			these terms limit the set of policies for certification paths that include this
        /// 			certificate.
        public let certificatePolicies: [PolicyInformation]?
        /// 		       Contains a sequence of one or more X.509 extensions, each of which consists of an
        /// 			object identifier (OID), a base64-encoded value, and the critical flag. For more
        /// 			information, see the Global OID reference
        /// 				database.
        public let customExtensions: [CustomExtension]?
        /// Specifies additional purposes for which the certified public key may be used other
        /// 			than basic purposes indicated in the KeyUsage extension.
        public let extendedKeyUsage: [ExtendedKeyUsage]?
        public let keyUsage: KeyUsage?
        /// The subject alternative name extension allows identities to be bound to the subject of
        /// 			the certificate. These identities may be included in addition to or in place of the
        /// 			identity in the subject field of the certificate.
        public let subjectAlternativeNames: [GeneralName]?

        public init(certificatePolicies: [PolicyInformation]? = nil, customExtensions: [CustomExtension]? = nil, extendedKeyUsage: [ExtendedKeyUsage]? = nil, keyUsage: KeyUsage? = nil, subjectAlternativeNames: [GeneralName]? = nil) {
            self.certificatePolicies = certificatePolicies
            self.customExtensions = customExtensions
            self.extendedKeyUsage = extendedKeyUsage
            self.keyUsage = keyUsage
            self.subjectAlternativeNames = subjectAlternativeNames
        }

        public func validate(name: String) throws {
            try self.certificatePolicies?.forEach {
                try $0.validate(name: "\(name).certificatePolicies[]")
            }
            try self.validate(self.certificatePolicies, name: "certificatePolicies", parent: name, max: 20)
            try self.validate(self.certificatePolicies, name: "certificatePolicies", parent: name, min: 1)
            try self.customExtensions?.forEach {
                try $0.validate(name: "\(name).customExtensions[]")
            }
            try self.validate(self.customExtensions, name: "customExtensions", parent: name, max: 20)
            try self.validate(self.customExtensions, name: "customExtensions", parent: name, min: 1)
            try self.extendedKeyUsage?.forEach {
                try $0.validate(name: "\(name).extendedKeyUsage[]")
            }
            try self.validate(self.extendedKeyUsage, name: "extendedKeyUsage", parent: name, max: 20)
            try self.validate(self.extendedKeyUsage, name: "extendedKeyUsage", parent: name, min: 1)
            try self.subjectAlternativeNames?.forEach {
                try $0.validate(name: "\(name).subjectAlternativeNames[]")
            }
            try self.validate(self.subjectAlternativeNames, name: "subjectAlternativeNames", parent: name, max: 20)
            try self.validate(self.subjectAlternativeNames, name: "subjectAlternativeNames", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case certificatePolicies = "CertificatePolicies"
            case customExtensions = "CustomExtensions"
            case extendedKeyUsage = "ExtendedKeyUsage"
            case keyUsage = "KeyUsage"
            case subjectAlternativeNames = "SubjectAlternativeNames"
        }
    }

    public struct GeneralName: AWSEncodableShape & AWSDecodableShape {
        public let directoryName: ASN1Subject?
        /// Represents GeneralName as a DNS name.
        public let dnsName: String?
        /// Represents GeneralName as an EdiPartyName object.
        public let ediPartyName: EdiPartyName?
        /// Represents GeneralName as an IPv4 or IPv6 address.
        public let ipAddress: String?
        /// Represents GeneralName using an OtherName object.
        public let otherName: OtherName?
        ///  Represents GeneralName as an object identifier (OID).
        public let registeredId: String?
        /// Represents GeneralName as an RFC 822 email
        /// 			address.
        public let rfc822Name: String?
        /// Represents GeneralName as a URI.
        public let uniformResourceIdentifier: String?

        public init(directoryName: ASN1Subject? = nil, dnsName: String? = nil, ediPartyName: EdiPartyName? = nil, ipAddress: String? = nil, otherName: OtherName? = nil, registeredId: String? = nil, rfc822Name: String? = nil, uniformResourceIdentifier: String? = nil) {
            self.directoryName = directoryName
            self.dnsName = dnsName
            self.ediPartyName = ediPartyName
            self.ipAddress = ipAddress
            self.otherName = otherName
            self.registeredId = registeredId
            self.rfc822Name = rfc822Name
            self.uniformResourceIdentifier = uniformResourceIdentifier
        }

        public func validate(name: String) throws {
            try self.directoryName?.validate(name: "\(name).directoryName")
            try self.validate(self.dnsName, name: "dnsName", parent: name, max: 253)
            try self.ediPartyName?.validate(name: "\(name).ediPartyName")
            try self.validate(self.ipAddress, name: "ipAddress", parent: name, max: 39)
            try self.otherName?.validate(name: "\(name).otherName")
            try self.validate(self.registeredId, name: "registeredId", parent: name, max: 64)
            try self.validate(self.registeredId, name: "registeredId", parent: name, pattern: "^([0-2])\\.([0-9]|([0-3][0-9]))((\\.([0-9]+)){0,126})$")
            try self.validate(self.rfc822Name, name: "rfc822Name", parent: name, max: 256)
            try self.validate(self.uniformResourceIdentifier, name: "uniformResourceIdentifier", parent: name, max: 253)
        }

        private enum CodingKeys: String, CodingKey {
            case directoryName = "DirectoryName"
            case dnsName = "DnsName"
            case ediPartyName = "EdiPartyName"
            case ipAddress = "IpAddress"
            case otherName = "OtherName"
            case registeredId = "RegisteredId"
            case rfc822Name = "Rfc822Name"
            case uniformResourceIdentifier = "UniformResourceIdentifier"
        }
    }

    public struct GetCertificateAuthorityCertificateRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) of your private CA. This is of the form:
        ///
        /// 			         arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .
        ///
        public let certificateAuthorityArn: String

        public init(certificateAuthorityArn: String) {
            self.certificateAuthorityArn = certificateAuthorityArn
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
        }
    }

    public struct GetCertificateAuthorityCertificateResponse: AWSDecodableShape {
        /// Base64-encoded certificate authority (CA) certificate.
        public let certificate: String?
        /// Base64-encoded certificate chain that includes any intermediate certificates and
        /// 			chains up to root certificate that you used to sign your private CA certificate. The
        /// 			chain does not include your private CA certificate. If this is a root CA, the value will
        /// 			be null.
        public let certificateChain: String?

        public init(certificate: String? = nil, certificateChain: String? = nil) {
            self.certificate = certificate
            self.certificateChain = certificateChain
        }

        private enum CodingKeys: String, CodingKey {
            case certificate = "Certificate"
            case certificateChain = "CertificateChain"
        }
    }

    public struct GetCertificateAuthorityCsrRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority action. This must be of the form:
        ///
        /// 			         arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
        ///
        public let certificateAuthorityArn: String

        public init(certificateAuthorityArn: String) {
            self.certificateAuthorityArn = certificateAuthorityArn
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
        }
    }

    public struct GetCertificateAuthorityCsrResponse: AWSDecodableShape {
        /// The base64 PEM-encoded certificate signing request (CSR) for your private CA
        /// 			certificate.
        public let csr: String?

        public init(csr: String? = nil) {
            self.csr = csr
        }

        private enum CodingKeys: String, CodingKey {
            case csr = "Csr"
        }
    }

    public struct GetCertificateRequest: AWSEncodableShape {
        /// The ARN of the issued certificate. The ARN contains the certificate serial number and
        /// 			must be in the following form:
        ///
        /// 			         arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245
        ///
        public let certificateArn: String
        /// The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
        ///
        /// 			         arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012 .
        ///
        public let certificateAuthorityArn: String

        public init(certificateArn: String, certificateAuthorityArn: String) {
            self.certificateArn = certificateArn
            self.certificateAuthorityArn = certificateAuthorityArn
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateArn, name: "certificateArn", parent: name, max: 200)
            try self.validate(self.certificateArn, name: "certificateArn", parent: name, min: 5)
            try self.validate(self.certificateArn, name: "certificateArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateArn = "CertificateArn"
            case certificateAuthorityArn = "CertificateAuthorityArn"
        }
    }

    public struct GetCertificateResponse: AWSDecodableShape {
        /// The base64 PEM-encoded certificate specified by the CertificateArn
        /// 			parameter.
        public let certificate: String?
        /// The base64 PEM-encoded certificate chain that chains up to the root CA certificate
        /// 			that you used to sign your private CA certificate.
        public let certificateChain: String?

        public init(certificate: String? = nil, certificateChain: String? = nil) {
            self.certificate = certificate
            self.certificateChain = certificateChain
        }

        private enum CodingKeys: String, CodingKey {
            case certificate = "Certificate"
            case certificateChain = "CertificateChain"
        }
    }

    public struct GetPolicyRequest: AWSEncodableShape {
        /// The Amazon Resource Number (ARN) of the private CA that will have its policy
        /// 			retrieved. You can find the CA's ARN by calling the ListCertificateAuthorities action.
        ///
        ///
        public let resourceArn: String

        public init(resourceArn: String) {
            self.resourceArn = resourceArn
        }

        public func validate(name: String) throws {
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 200)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 5)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
        }

        private enum CodingKeys: String, CodingKey {
            case resourceArn = "ResourceArn"
        }
    }

    public struct GetPolicyResponse: AWSDecodableShape {
        /// The policy attached to the private CA as a JSON document.
        public let policy: String?

        public init(policy: String? = nil) {
            self.policy = policy
        }

        private enum CodingKeys: String, CodingKey {
            case policy = "Policy"
        }
    }

    public struct ImportCertificateAuthorityCertificateRequest: AWSEncodableShape {
        /// The PEM-encoded certificate for a private CA. This may be a self-signed certificate in
        /// 			the case of a root CA, or it may be signed by another CA that you control.
        public let certificate: AWSBase64Data
        /// The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
        /// 		        arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
        public let certificateAuthorityArn: String
        /// A PEM-encoded file that contains all of your certificates, other than the certificate
        /// 			you're importing, chaining up to your root CA. Your ACM Private CA-hosted or on-premises
        /// 			root certificate is the last in the chain, and each certificate in the chain signs the
        /// 			one preceding.
        /// 		       This parameter must be supplied when you import a subordinate CA. When you import a
        /// 			root CA, there is no chain.
        public let certificateChain: AWSBase64Data?

        public init(certificate: AWSBase64Data, certificateAuthorityArn: String, certificateChain: AWSBase64Data? = nil) {
            self.certificate = certificate
            self.certificateAuthorityArn = certificateAuthorityArn
            self.certificateChain = certificateChain
        }

        public func validate(name: String) throws {
            try self.validate(self.certificate, name: "certificate", parent: name, max: 32768)
            try self.validate(self.certificate, name: "certificate", parent: name, min: 1)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
            try self.validate(self.certificateChain, name: "certificateChain", parent: name, max: 2_097_152)
        }

        private enum CodingKeys: String, CodingKey {
            case certificate = "Certificate"
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case certificateChain = "CertificateChain"
        }
    }

    public struct IssueCertificateRequest: AWSEncodableShape {
        /// Specifies X.509 certificate information to be included in the issued certificate. An
        /// 				APIPassthrough or APICSRPassthrough template variant must
        /// 			be selected, or else this parameter is ignored. For more information about using these
        /// 			templates, see Understanding Certificate Templates.
        /// 		       If conflicting or duplicate certificate information is supplied during certificate
        /// 			issuance, ACM Private CA applies order of
        /// 				operation rules to determine what information is used.
        public let apiPassthrough: ApiPassthrough?
        /// The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
        ///
        /// 			         arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
        ///
        public let certificateAuthorityArn: String
        /// The certificate signing request (CSR) for the certificate you want to issue. As an
        /// 			example, you can use the following OpenSSL command to create the CSR and a 2048 bit RSA
        /// 			private key.
        ///
        /// 			         openssl req -new -newkey rsa:2048 -days 365 -keyout private/test_cert_priv_key.pem
        /// 				-out csr/test_cert_.csr
        ///
        /// 		       If you have a configuration file, you can then use the following OpenSSL command. The
        /// 				usr_cert block in the configuration file contains your X509 version 3
        /// 			extensions.
        /// 		        openssl req -new -config openssl_rsa.cnf -extensions usr_cert -newkey rsa:2048
        /// 				-days 365 -keyout private/test_cert_priv_key.pem -out
        /// 			csr/test_cert_.csr
        /// 		       Note: A CSR must provide either a subject name or a
        /// 				subject alternative name or the request will be rejected.
        ///
        public let csr: AWSBase64Data
        /// Alphanumeric string that can be used to distinguish between calls to the IssueCertificate action. Idempotency tokens for IssueCertificate time out after one minute. Therefore, if you
        /// 			call IssueCertificate multiple times with the same
        /// 			idempotency token within one minute, ACM Private CA recognizes that you are requesting only
        /// 			one certificate and will issue only one. If you change the idempotency token for each
        /// 			call, PCA recognizes that you are requesting multiple certificates.
        public let idempotencyToken: String?
        /// The name of the algorithm that will be used to sign the certificate to be issued.
        /// 		       This parameter should not be confused with the SigningAlgorithm parameter
        /// 			used to sign a CSR in the CreateCertificateAuthority action.
        ///
        /// 			         The specified signing algorithm family (RSA or ECDSA) much match the algorithm
        /// 				family of the CA's secret key.
        ///
        public let signingAlgorithm: SigningAlgorithm
        /// Specifies a custom configuration template to use when issuing a certificate. If this
        /// 			parameter is not provided, ACM Private CA defaults to the
        /// 				EndEntityCertificate/V1 template. For CA certificates, you should
        /// 			choose the shortest path length that meets your needs. The path length is indicated by
        /// 			the PathLenN portion of the ARN, where N is
        /// 			the CA
        /// 				depth.
        /// 		       Note: The CA depth configured on a subordinate CA certificate must not exceed the
        /// 			limit set by its parents in the CA hierarchy.
        /// 		       For a list of TemplateArn values supported by ACM Private CA, see Understanding Certificate
        /// 				Templates.
        public let templateArn: String?
        /// Information describing the end of the validity period of the certificate. This
        /// 			parameter sets the “Not After” date for the certificate.
        /// 		       Certificate validity is the period of time during which a certificate is valid.
        /// 			Validity can be expressed as an explicit date and time when the certificate expires, or
        /// 			as a span of time after issuance, stated in days, months, or years. For more
        /// 			information, see Validity
        /// 			in RFC 5280.
        /// 		       This value is unaffected when ValidityNotBefore is also specified. For
        /// 			example, if Validity is set to 20 days in the future, the certificate will
        /// 			expire 20 days from issuance time regardless of the ValidityNotBefore
        /// 			value.
        /// 		       The end of the validity period configured on a certificate must not exceed the limit
        /// 			set on its parents in the CA hierarchy.
        public let validity: Validity
        /// Information describing the start of the validity period of the certificate. This
        /// 			parameter sets the “Not Before" date for the certificate.
        /// 		       By default, when issuing a certificate, ACM Private CA sets the "Not Before" date to the
        /// 			issuance time minus 60 minutes. This compensates for clock inconsistencies across
        /// 			computer systems. The ValidityNotBefore parameter can be used to customize
        /// 			the “Not Before” value.
        /// 		       Unlike the Validity parameter, the ValidityNotBefore
        /// 			parameter is optional.
        /// 		       The ValidityNotBefore value is expressed as an explicit date and time,
        /// 			using the Validity type value ABSOLUTE. For more information,
        /// 			see Validity in this API reference and Validity
        /// 			in RFC 5280.
        public let validityNotBefore: Validity?

        public init(apiPassthrough: ApiPassthrough? = nil, certificateAuthorityArn: String, csr: AWSBase64Data, idempotencyToken: String? = nil, signingAlgorithm: SigningAlgorithm, templateArn: String? = nil, validity: Validity, validityNotBefore: Validity? = nil) {
            self.apiPassthrough = apiPassthrough
            self.certificateAuthorityArn = certificateAuthorityArn
            self.csr = csr
            self.idempotencyToken = idempotencyToken
            self.signingAlgorithm = signingAlgorithm
            self.templateArn = templateArn
            self.validity = validity
            self.validityNotBefore = validityNotBefore
        }

        public func validate(name: String) throws {
            try self.apiPassthrough?.validate(name: "\(name).apiPassthrough")
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
            try self.validate(self.csr, name: "csr", parent: name, max: 32768)
            try self.validate(self.csr, name: "csr", parent: name, min: 1)
            try self.validate(self.idempotencyToken, name: "idempotencyToken", parent: name, max: 36)
            try self.validate(self.idempotencyToken, name: "idempotencyToken", parent: name, min: 1)
            try self.validate(self.idempotencyToken, name: "idempotencyToken", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]*$")
            try self.validate(self.templateArn, name: "templateArn", parent: name, max: 200)
            try self.validate(self.templateArn, name: "templateArn", parent: name, min: 5)
            try self.validate(self.templateArn, name: "templateArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
            try self.validity.validate(name: "\(name).validity")
            try self.validityNotBefore?.validate(name: "\(name).validityNotBefore")
        }

        private enum CodingKeys: String, CodingKey {
            case apiPassthrough = "ApiPassthrough"
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case csr = "Csr"
            case idempotencyToken = "IdempotencyToken"
            case signingAlgorithm = "SigningAlgorithm"
            case templateArn = "TemplateArn"
            case validity = "Validity"
            case validityNotBefore = "ValidityNotBefore"
        }
    }

    public struct IssueCertificateResponse: AWSDecodableShape {
        /// The Amazon Resource Name (ARN) of the issued certificate and the certificate serial
        /// 			number. This is of the form:
        ///
        /// 			         arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012/certificate/286535153982981100925020015808220737245
        ///
        public let certificateArn: String?

        public init(certificateArn: String? = nil) {
            self.certificateArn = certificateArn
        }

        private enum CodingKeys: String, CodingKey {
            case certificateArn = "CertificateArn"
        }
    }

    public struct KeyUsage: AWSEncodableShape & AWSDecodableShape {
        /// Key can be used to sign CRLs.
        public let crlSign: Bool?
        /// Key can be used to decipher data.
        public let dataEncipherment: Bool?
        /// Key can be used only to decipher data.
        public let decipherOnly: Bool?
        ///  Key can be used for digital signing.
        public let digitalSignature: Bool?
        /// Key can be used only to encipher data.
        public let encipherOnly: Bool?
        /// Key can be used in a key-agreement protocol.
        public let keyAgreement: Bool?
        /// Key can be used to sign certificates.
        public let keyCertSign: Bool?
        /// Key can be used to encipher data.
        public let keyEncipherment: Bool?
        /// Key can be used for non-repudiation.
        public let nonRepudiation: Bool?

        public init(crlSign: Bool? = nil, dataEncipherment: Bool? = nil, decipherOnly: Bool? = nil, digitalSignature: Bool? = nil, encipherOnly: Bool? = nil, keyAgreement: Bool? = nil, keyCertSign: Bool? = nil, keyEncipherment: Bool? = nil, nonRepudiation: Bool? = nil) {
            self.crlSign = crlSign
            self.dataEncipherment = dataEncipherment
            self.decipherOnly = decipherOnly
            self.digitalSignature = digitalSignature
            self.encipherOnly = encipherOnly
            self.keyAgreement = keyAgreement
            self.keyCertSign = keyCertSign
            self.keyEncipherment = keyEncipherment
            self.nonRepudiation = nonRepudiation
        }

        private enum CodingKeys: String, CodingKey {
            case crlSign = "CRLSign"
            case dataEncipherment = "DataEncipherment"
            case decipherOnly = "DecipherOnly"
            case digitalSignature = "DigitalSignature"
            case encipherOnly = "EncipherOnly"
            case keyAgreement = "KeyAgreement"
            case keyCertSign = "KeyCertSign"
            case keyEncipherment = "KeyEncipherment"
            case nonRepudiation = "NonRepudiation"
        }
    }

    public struct ListCertificateAuthoritiesRequest: AWSEncodableShape {
        /// Use this parameter when paginating results to specify the maximum number of items to
        /// 			return in the response on each page. If additional items exist beyond the number you
        /// 			specify, the NextToken element is sent in the response. Use this
        /// 				NextToken value in a subsequent request to retrieve additional
        /// 			items.
        public let maxResults: Int?
        /// Use this parameter when paginating results in a subsequent request after you receive a
        /// 			response with truncated results. Set it to the value of the NextToken
        /// 			parameter from the response you just received.
        public let nextToken: String?
        /// Use this parameter to filter the returned set of certificate authorities based on
        /// 			their owner. The default is SELF.
        public let resourceOwner: ResourceOwner?

        public init(maxResults: Int? = nil, nextToken: String? = nil, resourceOwner: ResourceOwner? = nil) {
            self.maxResults = maxResults
            self.nextToken = nextToken
            self.resourceOwner = resourceOwner
        }

        public func validate(name: String) throws {
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 1000)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 500)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
            case resourceOwner = "ResourceOwner"
        }
    }

    public struct ListCertificateAuthoritiesResponse: AWSDecodableShape {
        /// Summary information about each certificate authority you have created.
        public let certificateAuthorities: [CertificateAuthority]?
        /// When the list is truncated, this value is present and should be used for the
        /// 				NextToken parameter in a subsequent pagination request.
        public let nextToken: String?

        public init(certificateAuthorities: [CertificateAuthority]? = nil, nextToken: String? = nil) {
            self.certificateAuthorities = certificateAuthorities
            self.nextToken = nextToken
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorities = "CertificateAuthorities"
            case nextToken = "NextToken"
        }
    }

    public struct ListPermissionsRequest: AWSEncodableShape {
        /// The Amazon Resource Number (ARN) of the private CA to inspect. You can find the ARN by
        /// 			calling the ListCertificateAuthorities action. This must be of the form:
        /// 				arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
        /// 			You can get a private CA's ARN by running the ListCertificateAuthorities action.
        public let certificateAuthorityArn: String
        /// When paginating results, use this parameter to specify the maximum number of items to
        /// 			return in the response. If additional items exist beyond the number you specify, the
        /// 				NextToken element is sent in the response. Use this
        /// 				NextToken value in a subsequent request to retrieve
        /// 			additional items.
        public let maxResults: Int?
        /// When paginating results, use this parameter in a subsequent request after you receive
        /// 			a response with truncated results. Set it to the value of NextToken from the response you just received.
        public let nextToken: String?

        public init(certificateAuthorityArn: String, maxResults: Int? = nil, nextToken: String? = nil) {
            self.certificateAuthorityArn = certificateAuthorityArn
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 1000)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 500)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
        }
    }

    public struct ListPermissionsResponse: AWSDecodableShape {
        /// When the list is truncated, this value is present and should be used for the NextToken parameter in a subsequent pagination request.
        ///
        public let nextToken: String?
        /// Summary information about each permission assigned by the specified private CA,
        /// 			including the action enabled, the policy provided, and the time of creation.
        public let permissions: [Permission]?

        public init(nextToken: String? = nil, permissions: [Permission]? = nil) {
            self.nextToken = nextToken
            self.permissions = permissions
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "NextToken"
            case permissions = "Permissions"
        }
    }

    public struct ListTagsRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority action. This must be of the form:
        ///
        /// 			         arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
        ///
        public let certificateAuthorityArn: String
        /// Use this parameter when paginating results to specify the maximum number of items to
        /// 			return in the response. If additional items exist beyond the number you specify, the
        /// 				NextToken element is sent in the response. Use this
        /// 				NextToken value in a subsequent request to retrieve
        /// 			additional items.
        public let maxResults: Int?
        /// Use this parameter when paginating results in a subsequent request after you receive a
        /// 			response with truncated results. Set it to the value of NextToken from the response you just received.
        public let nextToken: String?

        public init(certificateAuthorityArn: String, maxResults: Int? = nil, nextToken: String? = nil) {
            self.certificateAuthorityArn = certificateAuthorityArn
            self.maxResults = maxResults
            self.nextToken = nextToken
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
            try self.validate(self.maxResults, name: "maxResults", parent: name, max: 1000)
            try self.validate(self.maxResults, name: "maxResults", parent: name, min: 1)
            try self.validate(self.nextToken, name: "nextToken", parent: name, max: 500)
            try self.validate(self.nextToken, name: "nextToken", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case maxResults = "MaxResults"
            case nextToken = "NextToken"
        }
    }

    public struct ListTagsResponse: AWSDecodableShape {
        /// When the list is truncated, this value is present and should be used for the NextToken parameter in a subsequent pagination request.
        ///
        public let nextToken: String?
        /// The tags associated with your private CA.
        public let tags: [Tag]?

        public init(nextToken: String? = nil, tags: [Tag]? = nil) {
            self.nextToken = nextToken
            self.tags = tags
        }

        private enum CodingKeys: String, CodingKey {
            case nextToken = "NextToken"
            case tags = "Tags"
        }
    }

    public struct OcspConfiguration: AWSEncodableShape & AWSDecodableShape {
        /// Flag enabling use of the Online Certificate Status Protocol (OCSP) for validating
        /// 			certificate revocation status.
        public let enabled: Bool
        /// By default, ACM Private CA injects an Amazon Web Services domain into certificates being validated by
        /// 			the Online Certificate Status Protocol (OCSP). A customer can alternatively use this
        /// 			object to define a CNAME specifying a customized OCSP domain.
        /// 		       Note: The value of the CNAME must not include a protocol prefix such as "http://" or
        /// 			"https://".
        /// 		       For more information, see Customizing Online Certificate Status Protocol
        /// 				(OCSP)  in the Private Certificate Authority (PCA) User Guide.
        public let ocspCustomCname: String?

        public init(enabled: Bool, ocspCustomCname: String? = nil) {
            self.enabled = enabled
            self.ocspCustomCname = ocspCustomCname
        }

        public func validate(name: String) throws {
            try self.validate(self.ocspCustomCname, name: "ocspCustomCname", parent: name, max: 253)
        }

        private enum CodingKeys: String, CodingKey {
            case enabled = "Enabled"
            case ocspCustomCname = "OcspCustomCname"
        }
    }

    public struct OtherName: AWSEncodableShape & AWSDecodableShape {
        /// Specifies an OID.
        public let typeId: String
        /// Specifies an OID value.
        public let value: String

        public init(typeId: String, value: String) {
            self.typeId = typeId
            self.value = value
        }

        public func validate(name: String) throws {
            try self.validate(self.typeId, name: "typeId", parent: name, max: 64)
            try self.validate(self.typeId, name: "typeId", parent: name, pattern: "^([0-2])\\.([0-9]|([0-3][0-9]))((\\.([0-9]+)){0,126})$")
            try self.validate(self.value, name: "value", parent: name, max: 256)
        }

        private enum CodingKeys: String, CodingKey {
            case typeId = "TypeId"
            case value = "Value"
        }
    }

    public struct Permission: AWSDecodableShape {
        /// The private CA actions that can be performed by the designated Amazon Web Services service.
        public let actions: [ActionType]?
        /// The Amazon Resource Number (ARN) of the private CA from which the permission was
        /// 			issued.
        public let certificateAuthorityArn: String?
        /// The time at which the permission was created.
        public let createdAt: Date?
        /// The name of the policy that is associated with the permission.
        public let policy: String?
        /// The Amazon Web Services service or entity that holds the permission. At this time, the only valid
        /// 			principal is acm.amazonaws.com.
        public let principal: String?
        /// The ID of the account that assigned the permission.
        public let sourceAccount: String?

        public init(actions: [ActionType]? = nil, certificateAuthorityArn: String? = nil, createdAt: Date? = nil, policy: String? = nil, principal: String? = nil, sourceAccount: String? = nil) {
            self.actions = actions
            self.certificateAuthorityArn = certificateAuthorityArn
            self.createdAt = createdAt
            self.policy = policy
            self.principal = principal
            self.sourceAccount = sourceAccount
        }

        private enum CodingKeys: String, CodingKey {
            case actions = "Actions"
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case createdAt = "CreatedAt"
            case policy = "Policy"
            case principal = "Principal"
            case sourceAccount = "SourceAccount"
        }
    }

    public struct PolicyInformation: AWSEncodableShape {
        /// Specifies the object identifier (OID) of the certificate policy under which the
        /// 			certificate was issued. For more information, see NIST's definition of Object Identifier
        /// 				(OID).
        public let certPolicyId: String
        /// Modifies the given CertPolicyId with a qualifier. ACM Private CA supports the
        /// 			certification practice statement (CPS) qualifier.
        public let policyQualifiers: [PolicyQualifierInfo]?

        public init(certPolicyId: String, policyQualifiers: [PolicyQualifierInfo]? = nil) {
            self.certPolicyId = certPolicyId
            self.policyQualifiers = policyQualifiers
        }

        public func validate(name: String) throws {
            try self.validate(self.certPolicyId, name: "certPolicyId", parent: name, max: 64)
            try self.validate(self.certPolicyId, name: "certPolicyId", parent: name, pattern: "^([0-2])\\.([0-9]|([0-3][0-9]))((\\.([0-9]+)){0,126})$")
            try self.policyQualifiers?.forEach {
                try $0.validate(name: "\(name).policyQualifiers[]")
            }
            try self.validate(self.policyQualifiers, name: "policyQualifiers", parent: name, max: 20)
            try self.validate(self.policyQualifiers, name: "policyQualifiers", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case certPolicyId = "CertPolicyId"
            case policyQualifiers = "PolicyQualifiers"
        }
    }

    public struct PolicyQualifierInfo: AWSEncodableShape {
        /// Identifies the qualifier modifying a CertPolicyId.
        public let policyQualifierId: PolicyQualifierId
        /// Defines the qualifier type. ACM Private CA supports the use of a URI for a CPS qualifier
        /// 			in this field.
        public let qualifier: Qualifier

        public init(policyQualifierId: PolicyQualifierId, qualifier: Qualifier) {
            self.policyQualifierId = policyQualifierId
            self.qualifier = qualifier
        }

        public func validate(name: String) throws {
            try self.qualifier.validate(name: "\(name).qualifier")
        }

        private enum CodingKeys: String, CodingKey {
            case policyQualifierId = "PolicyQualifierId"
            case qualifier = "Qualifier"
        }
    }

    public struct PutPolicyRequest: AWSEncodableShape {
        /// The path and file name of a JSON-formatted IAM policy to attach to the specified
        /// 			private CA resource. If this policy does not contain all required statements or if it
        /// 			includes any statement that is not allowed, the PutPolicy action returns an
        /// 				InvalidPolicyException. For information about IAM policy and
        /// 			statement structure, see Overview of JSON Policies.
        public let policy: String
        /// The Amazon Resource Number (ARN) of the private CA to associate with the policy. The
        /// 			ARN of the CA can be found by calling the ListCertificateAuthorities action.
        ///
        public let resourceArn: String

        public init(policy: String, resourceArn: String) {
            self.policy = policy
            self.resourceArn = resourceArn
        }

        public func validate(name: String) throws {
            try self.validate(self.policy, name: "policy", parent: name, max: 20480)
            try self.validate(self.policy, name: "policy", parent: name, min: 1)
            try self.validate(self.policy, name: "policy", parent: name, pattern: "^[\\u0009\\u000A\\u000D\\u0020-\\u00FF]+$")
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, max: 200)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, min: 5)
            try self.validate(self.resourceArn, name: "resourceArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
        }

        private enum CodingKeys: String, CodingKey {
            case policy = "Policy"
            case resourceArn = "ResourceArn"
        }
    }

    public struct Qualifier: AWSEncodableShape {
        /// Contains a pointer to a certification practice statement (CPS) published by the
        /// 			CA.
        public let cpsUri: String

        public init(cpsUri: String) {
            self.cpsUri = cpsUri
        }

        public func validate(name: String) throws {
            try self.validate(self.cpsUri, name: "cpsUri", parent: name, max: 256)
        }

        private enum CodingKeys: String, CodingKey {
            case cpsUri = "CpsUri"
        }
    }

    public struct RestoreCertificateAuthorityRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called the CreateCertificateAuthority action. This must be of the form:
        ///
        /// 			         arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
        ///
        public let certificateAuthorityArn: String

        public init(certificateAuthorityArn: String) {
            self.certificateAuthorityArn = certificateAuthorityArn
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
        }
    }

    public struct RevocationConfiguration: AWSEncodableShape & AWSDecodableShape {
        /// Configuration of the certificate revocation list (CRL), if any, maintained by your
        /// 			private CA. A CRL is typically updated approximately 30 minutes after a certificate
        /// 	is revoked. If for any reason a CRL update fails, ACM Private CA makes further attempts
        /// 	every 15 minutes.
        public let crlConfiguration: CrlConfiguration?
        /// Configuration of Online Certificate Status Protocol (OCSP) support, if any, maintained
        /// 			by your private CA. When you revoke a certificate, OCSP responses may take up to 60 minutes
        /// 	to reflect the new status.
        public let ocspConfiguration: OcspConfiguration?

        public init(crlConfiguration: CrlConfiguration? = nil, ocspConfiguration: OcspConfiguration? = nil) {
            self.crlConfiguration = crlConfiguration
            self.ocspConfiguration = ocspConfiguration
        }

        public func validate(name: String) throws {
            try self.crlConfiguration?.validate(name: "\(name).crlConfiguration")
            try self.ocspConfiguration?.validate(name: "\(name).ocspConfiguration")
        }

        private enum CodingKeys: String, CodingKey {
            case crlConfiguration = "CrlConfiguration"
            case ocspConfiguration = "OcspConfiguration"
        }
    }

    public struct RevokeCertificateRequest: AWSEncodableShape {
        /// Amazon Resource Name (ARN) of the private CA that issued the certificate to be
        /// 			revoked. This must be of the form:
        ///
        /// 			         arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
        ///
        public let certificateAuthorityArn: String
        /// Serial number of the certificate to be revoked. This must be in hexadecimal format.
        /// 			You can retrieve the serial number by calling GetCertificate with the Amazon
        /// 			Resource Name (ARN) of the certificate you want and the ARN of your private CA. The
        /// 				GetCertificate action retrieves the certificate in
        /// 			the PEM format. You can use the following OpenSSL command to list the certificate in
        /// 			text format and copy the hexadecimal serial number.
        /// 		        openssl x509 -in file_path -text -noout
        /// 		       You can also copy the serial number from the console or use the DescribeCertificate action in the Certificate Manager API
        /// 				Reference.
        public let certificateSerial: String
        /// Specifies why you revoked the certificate.
        public let revocationReason: RevocationReason

        public init(certificateAuthorityArn: String, certificateSerial: String, revocationReason: RevocationReason) {
            self.certificateAuthorityArn = certificateAuthorityArn
            self.certificateSerial = certificateSerial
            self.revocationReason = revocationReason
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
            try self.validate(self.certificateSerial, name: "certificateSerial", parent: name, max: 128)
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case certificateSerial = "CertificateSerial"
            case revocationReason = "RevocationReason"
        }
    }

    public struct Tag: AWSEncodableShape & AWSDecodableShape {
        /// Key (name) of the tag.
        public let key: String
        /// Value of the tag.
        public let value: String?

        public init(key: String, value: String? = nil) {
            self.key = key
            self.value = value
        }

        public func validate(name: String) throws {
            try self.validate(self.key, name: "key", parent: name, max: 128)
            try self.validate(self.key, name: "key", parent: name, min: 1)
            try self.validate(self.key, name: "key", parent: name, pattern: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$")
            try self.validate(self.value, name: "value", parent: name, max: 256)
            try self.validate(self.value, name: "value", parent: name, pattern: "^([\\p{L}\\p{Z}\\p{N}_.:/=+\\-@]*)$")
        }

        private enum CodingKeys: String, CodingKey {
            case key = "Key"
            case value = "Value"
        }
    }

    public struct TagCertificateAuthorityRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
        ///
        /// 			         arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
        ///
        public let certificateAuthorityArn: String
        /// List of tags to be associated with the CA.
        public let tags: [Tag]

        public init(certificateAuthorityArn: String, tags: [Tag]) {
            self.certificateAuthorityArn = certificateAuthorityArn
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
            try self.tags.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
            try self.validate(self.tags, name: "tags", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case tags = "Tags"
        }
    }

    public struct UntagCertificateAuthorityRequest: AWSEncodableShape {
        /// The Amazon Resource Name (ARN) that was returned when you called CreateCertificateAuthority. This must be of the form:
        ///
        /// 			         arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
        ///
        public let certificateAuthorityArn: String
        /// List of tags to be removed from the CA.
        public let tags: [Tag]

        public init(certificateAuthorityArn: String, tags: [Tag]) {
            self.certificateAuthorityArn = certificateAuthorityArn
            self.tags = tags
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
            try self.tags.forEach {
                try $0.validate(name: "\(name).tags[]")
            }
            try self.validate(self.tags, name: "tags", parent: name, max: 50)
            try self.validate(self.tags, name: "tags", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case tags = "Tags"
        }
    }

    public struct UpdateCertificateAuthorityRequest: AWSEncodableShape {
        /// Amazon Resource Name (ARN) of the private CA that issued the certificate to be
        /// 			revoked. This must be of the form:
        ///
        /// 			         arn:aws:acm-pca:region:account:certificate-authority/12345678-1234-1234-1234-123456789012
        ///
        public let certificateAuthorityArn: String
        /// Contains information to enable Online Certificate Status Protocol (OCSP) support, to
        /// 			enable a certificate revocation list (CRL), to enable both, or to enable neither. If
        /// 			this parameter is not supplied, existing capibilites remain unchanged. For more
        /// 			information, see the OcspConfiguration and CrlConfiguration types.
        public let revocationConfiguration: RevocationConfiguration?
        /// Status of your private CA.
        public let status: CertificateAuthorityStatus?

        public init(certificateAuthorityArn: String, revocationConfiguration: RevocationConfiguration? = nil, status: CertificateAuthorityStatus? = nil) {
            self.certificateAuthorityArn = certificateAuthorityArn
            self.revocationConfiguration = revocationConfiguration
            self.status = status
        }

        public func validate(name: String) throws {
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, max: 200)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, min: 5)
            try self.validate(self.certificateAuthorityArn, name: "certificateAuthorityArn", parent: name, pattern: "^arn:[\\w+=/,.@-]+:[\\w+=/,.@-]+:[\\w+=/,.@-]*:[0-9]*:[\\w+=,.@-]+(/[\\w+=,.@-]+)*$")
            try self.revocationConfiguration?.validate(name: "\(name).revocationConfiguration")
        }

        private enum CodingKeys: String, CodingKey {
            case certificateAuthorityArn = "CertificateAuthorityArn"
            case revocationConfiguration = "RevocationConfiguration"
            case status = "Status"
        }
    }

    public struct Validity: AWSEncodableShape {
        /// Determines how ACM Private CA interprets the Value
        /// 			parameter, an integer. Supported validity types include those listed below. Type
        /// 			definitions with values include a sample input value and the resulting output.
        /// 		        END_DATE: The specific date and time when the certificate will expire,
        /// 			expressed using UTCTime (YYMMDDHHMMSS) or GeneralizedTime (YYYYMMDDHHMMSS) format. When
        /// 			UTCTime is used, if the year field (YY) is greater than or equal to 50, the year is
        /// 			interpreted as 19YY. If the year field is less than 50, the year is interpreted as
        /// 			20YY.
        ///
        /// 				           Sample input value: 491231235959 (UTCTime format)
        ///
        /// 				           Output expiration date/time: 12/31/2049 23:59:59
        ///
        /// 		        ABSOLUTE: The specific date and time when the validity of a certificate
        /// 			will start or expire, expressed in seconds since the Unix Epoch.
        ///
        /// 				           Sample input value: 2524608000
        ///
        /// 				           Output expiration date/time: 01/01/2050 00:00:00
        ///
        /// 		        DAYS, MONTHS, YEARS: The relative time from the
        /// 			moment of issuance until the certificate will expire, expressed in days, months, or
        /// 			years.
        /// 		       Example if DAYS, issued on 10/12/2020 at 12:34:54 UTC:
        ///
        /// 				           Sample input value: 90
        ///
        /// 				           Output expiration date: 01/10/2020 12:34:54 UTC
        ///
        /// 		       The minimum validity duration for a certificate using relative time
        /// 			(DAYS) is one day. The minimum validity for a certificate using absolute
        /// 			time (ABSOLUTE or END_DATE) is one second.
        public let type: ValidityPeriodType
        /// A long integer interpreted according to the value of Type, below.
        public let value: Int64

        public init(type: ValidityPeriodType, value: Int64) {
            self.type = type
            self.value = value
        }

        public func validate(name: String) throws {
            try self.validate(self.value, name: "value", parent: name, min: 1)
        }

        private enum CodingKeys: String, CodingKey {
            case type = "Type"
            case value = "Value"
        }
    }
}

// MARK: - Errors

/// Error enum for ACMPCA
public struct ACMPCAErrorType: AWSErrorType {
    enum Code: String {
        case certificateMismatchException = "CertificateMismatchException"
        case concurrentModificationException = "ConcurrentModificationException"
        case invalidArgsException = "InvalidArgsException"
        case invalidArnException = "InvalidArnException"
        case invalidNextTokenException = "InvalidNextTokenException"
        case invalidPolicyException = "InvalidPolicyException"
        case invalidRequestException = "InvalidRequestException"
        case invalidStateException = "InvalidStateException"
        case invalidTagException = "InvalidTagException"
        case limitExceededException = "LimitExceededException"
        case lockoutPreventedException = "LockoutPreventedException"
        case malformedCSRException = "MalformedCSRException"
        case malformedCertificateException = "MalformedCertificateException"
        case permissionAlreadyExistsException = "PermissionAlreadyExistsException"
        case requestAlreadyProcessedException = "RequestAlreadyProcessedException"
        case requestFailedException = "RequestFailedException"
        case requestInProgressException = "RequestInProgressException"
        case resourceNotFoundException = "ResourceNotFoundException"
        case tooManyTagsException = "TooManyTagsException"
    }

    private let error: Code
    public let context: AWSErrorContext?

    /// initialize ACMPCA
    public init?(errorCode: String, context: AWSErrorContext) {
        guard let error = Code(rawValue: errorCode) else { return nil }
        self.error = error
        self.context = context
    }

    internal init(_ error: Code) {
        self.error = error
        self.context = nil
    }

    /// return error code string
    public var errorCode: String { self.error.rawValue }

    /// The certificate authority certificate you are importing does not comply with
    /// 			conditions specified in the certificate that signed it.
    public static var certificateMismatchException: Self { .init(.certificateMismatchException) }
    /// A previous update to your private CA is still ongoing.
    public static var concurrentModificationException: Self { .init(.concurrentModificationException) }
    /// One or more of the specified arguments was not valid.
    public static var invalidArgsException: Self { .init(.invalidArgsException) }
    /// The requested Amazon Resource Name (ARN) does not refer to an existing
    /// 			resource.
    public static var invalidArnException: Self { .init(.invalidArnException) }
    /// The token specified in the NextToken argument is not valid. Use the token
    /// 			returned from your previous call to ListCertificateAuthorities.
    public static var invalidNextTokenException: Self { .init(.invalidNextTokenException) }
    /// The resource policy is invalid or is missing a required statement. For general
    /// 			information about IAM policy and statement structure, see Overview of JSON Policies.
    public static var invalidPolicyException: Self { .init(.invalidPolicyException) }
    /// The request action cannot be performed or is prohibited.
    public static var invalidRequestException: Self { .init(.invalidRequestException) }
    /// The state of the private CA does not allow this action to occur.
    public static var invalidStateException: Self { .init(.invalidStateException) }
    /// The tag associated with the CA is not valid. The invalid argument is contained in the
    /// 			message field.
    public static var invalidTagException: Self { .init(.invalidTagException) }
    /// An ACM Private CA quota has been exceeded. See the exception message returned to determine
    /// 			the quota that was exceeded.
    public static var limitExceededException: Self { .init(.limitExceededException) }
    /// The current action was prevented because it would lock the caller out from performing
    /// 			subsequent actions. Verify that the specified parameters would not result in the caller
    /// 			being denied access to the resource.
    public static var lockoutPreventedException: Self { .init(.lockoutPreventedException) }
    /// The certificate signing request is invalid.
    public static var malformedCSRException: Self { .init(.malformedCSRException) }
    /// One or more fields in the certificate are invalid.
    public static var malformedCertificateException: Self { .init(.malformedCertificateException) }
    /// The designated permission has already been given to the user.
    public static var permissionAlreadyExistsException: Self { .init(.permissionAlreadyExistsException) }
    /// Your request has already been completed.
    public static var requestAlreadyProcessedException: Self { .init(.requestAlreadyProcessedException) }
    /// The request has failed for an unspecified reason.
    public static var requestFailedException: Self { .init(.requestFailedException) }
    /// Your request is already in progress.
    public static var requestInProgressException: Self { .init(.requestInProgressException) }
    /// A resource such as a private CA, S3 bucket, certificate, audit report, or policy
    /// 			cannot be found.
    public static var resourceNotFoundException: Self { .init(.resourceNotFoundException) }
    /// You can associate up to 50 tags with a private CA. Exception information is contained
    /// 			in the exception message field.
    public static var tooManyTagsException: Self { .init(.tooManyTagsException) }
}

extension ACMPCAErrorType: Equatable {
    public static func == (lhs: ACMPCAErrorType, rhs: ACMPCAErrorType) -> Bool {
        lhs.error == rhs.error
    }
}

extension ACMPCAErrorType: CustomStringConvertible {
    public var description: String {
        return "\(self.error.rawValue): \(self.message ?? "")"
    }
}
